bmt 0.8.0 → 0.9.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/lib/bmt/version.rb +1 -1
- data/lib/data/0.1/methodologies/ai_llm.json +515 -278
- data/lib/data/0.1/methodologies/api_testing.json +24 -52
- data/lib/data/0.9/mappings/templates.json +17 -0
- data/lib/data/0.9/mappings/templates.schema.json +62 -0
- data/lib/data/0.9/methodologies/active_directory.json +426 -0
- data/lib/data/0.9/methodologies/ai_llm.json +280 -0
- data/lib/data/0.9/methodologies/api_testing.json +687 -0
- data/lib/data/0.9/methodologies/binaries.json +252 -0
- data/lib/data/0.9/methodologies/internal_network.json +454 -0
- data/lib/data/0.9/methodologies/mobile_android.json +514 -0
- data/lib/data/0.9/methodologies/mobile_ios.json +452 -0
- data/lib/data/0.9/methodologies/network.json +207 -0
- data/lib/data/0.9/methodologies/template.json +83 -0
- data/lib/data/0.9/methodologies/website_testing.json +1078 -0
- data/lib/data/0.9/schema.json +124 -0
- metadata +21 -8
- /data/lib/data/{0.1 → 0.9}/methodologies/hardware_testing.json +0 -0
|
@@ -0,0 +1,252 @@
|
|
|
1
|
+
{
|
|
2
|
+
"metadata": {
|
|
3
|
+
"title": "Binary",
|
|
4
|
+
"release_date": "2022-01-10T00:00:00+00:00",
|
|
5
|
+
"description": "Bugcrowd Binary testing methodology",
|
|
6
|
+
"vrt_version": "10.0.1"
|
|
7
|
+
},
|
|
8
|
+
"content": {
|
|
9
|
+
"steps": [
|
|
10
|
+
{
|
|
11
|
+
"key": "insufficient_authentication_authorization",
|
|
12
|
+
"title": "Insufficient Authentication/Authorization",
|
|
13
|
+
"description": "",
|
|
14
|
+
"type": "checklist",
|
|
15
|
+
"items": [
|
|
16
|
+
{
|
|
17
|
+
"description": "",
|
|
18
|
+
"key": "multi_user_environment",
|
|
19
|
+
"caption": "",
|
|
20
|
+
"title": "Assess the application for multi-user environments and ensure it includes functionality for role separation."
|
|
21
|
+
},
|
|
22
|
+
{
|
|
23
|
+
"description": "",
|
|
24
|
+
"key": "password_recovery_mechanism",
|
|
25
|
+
"caption": "",
|
|
26
|
+
"title": "Assess password recovery mechanisms and ensure session management is properly maintained/terminated at the remote endpoint."
|
|
27
|
+
}
|
|
28
|
+
]
|
|
29
|
+
},
|
|
30
|
+
{
|
|
31
|
+
"key": "insecure_network_services",
|
|
32
|
+
"title": "Insecure Network Services",
|
|
33
|
+
"description": "",
|
|
34
|
+
"type": "checklist",
|
|
35
|
+
"items": [
|
|
36
|
+
{
|
|
37
|
+
"description": "",
|
|
38
|
+
"key": "ensure_network_services",
|
|
39
|
+
"caption": "",
|
|
40
|
+
"title": "Assess the application to ensure network services for potentially interesting crashes or denial-of-service conditions that might indicate the presence of a memory corruption issue."
|
|
41
|
+
},
|
|
42
|
+
{
|
|
43
|
+
"description": "",
|
|
44
|
+
"key": "ensure_debugging_services",
|
|
45
|
+
"caption": "",
|
|
46
|
+
"title": "Assess the application to ensure debugging services are not present (and if present, test those services for access controls/default credentials)."
|
|
47
|
+
}
|
|
48
|
+
]
|
|
49
|
+
},
|
|
50
|
+
{
|
|
51
|
+
"key": "lack_of_transport_encryption",
|
|
52
|
+
"title": "Lack of Transport Encryption",
|
|
53
|
+
"description": "",
|
|
54
|
+
"type": "checklist",
|
|
55
|
+
"items": [
|
|
56
|
+
{
|
|
57
|
+
"description": "",
|
|
58
|
+
"key": "assess_encrypted_communication",
|
|
59
|
+
"caption": "",
|
|
60
|
+
"title": "Assess the application to determine the use of modern encrypted communication between endpoints."
|
|
61
|
+
},
|
|
62
|
+
{
|
|
63
|
+
"description": "",
|
|
64
|
+
"key": "assess_encrypted_practice",
|
|
65
|
+
"caption": "",
|
|
66
|
+
"title": "Assess the application to determine if accepted encryption practices are used."
|
|
67
|
+
}
|
|
68
|
+
]
|
|
69
|
+
},
|
|
70
|
+
{
|
|
71
|
+
"key": "privacy_concerns",
|
|
72
|
+
"title": "Privacy Concerns",
|
|
73
|
+
"description": "",
|
|
74
|
+
"type": "checklist",
|
|
75
|
+
"items": [
|
|
76
|
+
{
|
|
77
|
+
"description": "",
|
|
78
|
+
"key": "assess_personal_information_collected",
|
|
79
|
+
"caption": "",
|
|
80
|
+
"title": "Assess the application to determine the amount of personal information collected."
|
|
81
|
+
},
|
|
82
|
+
{
|
|
83
|
+
"description": "",
|
|
84
|
+
"key": "assess_personal_data_encryption",
|
|
85
|
+
"caption": "",
|
|
86
|
+
"title": "Assess the application to determine if collected personal data is properly protected using encryption at rest and in transit."
|
|
87
|
+
},
|
|
88
|
+
{
|
|
89
|
+
"description": "",
|
|
90
|
+
"key": "assess_data_de_identified_or_anonymized",
|
|
91
|
+
"caption": "",
|
|
92
|
+
"title": "Assess the application to determine if data is de-identified or anonymized."
|
|
93
|
+
},
|
|
94
|
+
{
|
|
95
|
+
"description": "",
|
|
96
|
+
"key": "no_sesitive_data",
|
|
97
|
+
"caption": "",
|
|
98
|
+
"title": "No sensitive data, such as passwords or pins, are exposed through the user interface."
|
|
99
|
+
},
|
|
100
|
+
{
|
|
101
|
+
"description": "",
|
|
102
|
+
"key": "no_sensitive_log_info",
|
|
103
|
+
"caption": "",
|
|
104
|
+
"title": "No sensitive information is contained in logs generated by the application."
|
|
105
|
+
},
|
|
106
|
+
{
|
|
107
|
+
"description": "",
|
|
108
|
+
"key": "assess_personal_info_sending_to_remote_location",
|
|
109
|
+
"caption": "",
|
|
110
|
+
"title": "Assess whether the application sends personal/identifying information to a remote location even though it is only required for local use."
|
|
111
|
+
}
|
|
112
|
+
]
|
|
113
|
+
},
|
|
114
|
+
{
|
|
115
|
+
"key": "insecure_cloud_interface",
|
|
116
|
+
"title": "Insecure Cloud Interface (where applicable)",
|
|
117
|
+
"description": "",
|
|
118
|
+
"type": "checklist",
|
|
119
|
+
"items": [
|
|
120
|
+
{
|
|
121
|
+
"description": "",
|
|
122
|
+
"key": "assess_cloud_for_security_vulnerability",
|
|
123
|
+
"caption": "",
|
|
124
|
+
"title": "Assess the cloud interfaces for security vulnerabilities (e.g.testing both API interfaces and cloud-based web interfaces for common (and uncommon) web application issues)."
|
|
125
|
+
},
|
|
126
|
+
{
|
|
127
|
+
"description": "",
|
|
128
|
+
"key": "assess_secure_transport_in_cloud",
|
|
129
|
+
"caption": "",
|
|
130
|
+
"title": "Assess all cloud interfaces to ensure secure transport encryption is used."
|
|
131
|
+
}
|
|
132
|
+
]
|
|
133
|
+
},
|
|
134
|
+
{
|
|
135
|
+
"key": "insecure_software_firmware",
|
|
136
|
+
"title": "Insecure Software/Firmware",
|
|
137
|
+
"description": "",
|
|
138
|
+
"type": "checklist",
|
|
139
|
+
"items": [
|
|
140
|
+
{
|
|
141
|
+
"description": "",
|
|
142
|
+
"key": "assess_application_update_capability",
|
|
143
|
+
"caption": "",
|
|
144
|
+
"title": "Assess the application to ensure it includes update capability and can be updated quickly when vulnerabilities are discovered."
|
|
145
|
+
},
|
|
146
|
+
{
|
|
147
|
+
"description": "",
|
|
148
|
+
"key": "assess_encrypted_file_transfer",
|
|
149
|
+
"caption": "",
|
|
150
|
+
"title": "Assess the application to ensure it uses encrypted update files and that the files are transmitted using encryption."
|
|
151
|
+
},
|
|
152
|
+
{
|
|
153
|
+
"description": "",
|
|
154
|
+
"key": "assess_signed_files",
|
|
155
|
+
"caption": "",
|
|
156
|
+
"title": "Assess the application to ensure it uses signed files and then validates those files before installation."
|
|
157
|
+
},
|
|
158
|
+
{
|
|
159
|
+
"description": "",
|
|
160
|
+
"key": "assess_insecure_function_calls",
|
|
161
|
+
"caption": "",
|
|
162
|
+
"title": "Assess the application for insecure/dangerous function calls."
|
|
163
|
+
},
|
|
164
|
+
{
|
|
165
|
+
"description": "",
|
|
166
|
+
"key": "assess_user_input_sanitization",
|
|
167
|
+
"caption": "",
|
|
168
|
+
"title": "Assess the application to ensure ensure all user-controllable input data is sanitized prior to use."
|
|
169
|
+
},
|
|
170
|
+
{
|
|
171
|
+
"description": "",
|
|
172
|
+
"key": "ensure_all_third_party_components",
|
|
173
|
+
"caption": "",
|
|
174
|
+
"title": "Ensure all third party components used by the application, such as libraries and frameworks, are identified, and checked for known vulnerabilities."
|
|
175
|
+
},
|
|
176
|
+
{
|
|
177
|
+
"description": "",
|
|
178
|
+
"key": "assess_hardcoded_sensitive_info",
|
|
179
|
+
"caption": "",
|
|
180
|
+
"title": "Assess the application for signs of hardcoded sensitive information - e.g. credentials, URLs, API keys, etc."
|
|
181
|
+
},
|
|
182
|
+
{
|
|
183
|
+
"description": "",
|
|
184
|
+
"key": "assess_secure_random_number_generator",
|
|
185
|
+
"caption": "",
|
|
186
|
+
"title": "Assess the application to ensure all random values are generated using a sufficiently secure random number generator."
|
|
187
|
+
},
|
|
188
|
+
{
|
|
189
|
+
"description": "",
|
|
190
|
+
"key": "assess_input_via_dynamic_testing",
|
|
191
|
+
"caption": "",
|
|
192
|
+
"title": "Assess inputs on the application via dynamic testing (e.g. fuzzing) to identify potentially interesting crashes or denial-of-service conditions that might suggest the presence of a memory corruption or command injection issue."
|
|
193
|
+
},
|
|
194
|
+
{
|
|
195
|
+
"description": "",
|
|
196
|
+
"key": "assess_misconfigured_permission",
|
|
197
|
+
"caption": "",
|
|
198
|
+
"title": "Assess the application for misconfigured permissions, allowing for the escalation of privileges (e.g. DLL spoofing/hijacking, etc)."
|
|
199
|
+
},
|
|
200
|
+
{
|
|
201
|
+
"description": "",
|
|
202
|
+
"key": "assess_minimal_permissions",
|
|
203
|
+
"caption": "",
|
|
204
|
+
"title": "Assess the application to ensure it only uses the minimum set of permissions necessary."
|
|
205
|
+
},
|
|
206
|
+
{
|
|
207
|
+
"description": "",
|
|
208
|
+
"key": "assess_object_deserialization",
|
|
209
|
+
"caption": "",
|
|
210
|
+
"title": "Assess the application for unsafe object deserialization behavior that might lead to command injection."
|
|
211
|
+
},
|
|
212
|
+
{
|
|
213
|
+
"description": "",
|
|
214
|
+
"key": "assess_compiler_os_exploit_mitigation",
|
|
215
|
+
"caption": "",
|
|
216
|
+
"title": "Assess the application to ensure Basic OS/compiler exploit mitigation features, such stack protection/exploit mitigation (DEP, ASLR, stack canaries, etc) are activated."
|
|
217
|
+
},
|
|
218
|
+
{
|
|
219
|
+
"description": "",
|
|
220
|
+
"key": "assess_authentication_bypass",
|
|
221
|
+
"caption": "",
|
|
222
|
+
"title": "Assess the application for authentication bypasses and backdoors, allowing for access to functions/features outside of intended-use flows."
|
|
223
|
+
},
|
|
224
|
+
{
|
|
225
|
+
"description": "",
|
|
226
|
+
"key": "assess_application_for_internal_use",
|
|
227
|
+
"caption": "",
|
|
228
|
+
"title": "Assess the application for ability to access/use components meant for internal or administrative use (e.g. leftover debugging functionality not intended to exist in production)."
|
|
229
|
+
},
|
|
230
|
+
{
|
|
231
|
+
"description": "",
|
|
232
|
+
"key": "assess_for_undocumented_api_endpoints",
|
|
233
|
+
"caption": "",
|
|
234
|
+
"title": "Assess the application for undocumented API endpoints, and assess those for common vulnerabilities, as well as authentication bypasses."
|
|
235
|
+
}
|
|
236
|
+
]
|
|
237
|
+
},
|
|
238
|
+
{
|
|
239
|
+
"key": "upload_logs",
|
|
240
|
+
"title": "Upload logs",
|
|
241
|
+
"description": "This should include all associated traffic associated to the in-scope targets.",
|
|
242
|
+
"type": "large_upload"
|
|
243
|
+
},
|
|
244
|
+
{
|
|
245
|
+
"key": "executive_summary",
|
|
246
|
+
"title": "Executive summary",
|
|
247
|
+
"description": "The executive summary should be written with a high-level view of both risk and business impact. It should be concise and clear, therefore it is important to use plain English. This ensures that non-technical readers can gain insight into security concerns outlined in your report.",
|
|
248
|
+
"type": "executive_summary"
|
|
249
|
+
}
|
|
250
|
+
]
|
|
251
|
+
}
|
|
252
|
+
}
|